From mboxrd@z Thu Jan  1 00:00:00 1970
From: Maciej Purski <m.purski@samsung.com>
Subject: [PATCH] drm/exynos/hdmi: Fix unsafe list iteration
Date: Tue, 05 Sep 2017 14:23:02 +0200
Message-ID: <1504614182-1509-1-git-send-email-m.purski@samsung.com>
References: <CGME20170905122309eucas1p15739d5191e6471e9bfc05aa32b334f2e@eucas1p1.samsung.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <dri-devel-bounces@lists.freedesktop.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: dri-devel@lists.freedesktop.org, linux-arm-kernel@lists.infradead.org, linux-samsung-soc@vger.kernel.org
Cc: Maciej Purski <m.purski@samsung.com>, Seung-Woo Kim <sw0312.kim@samsung.com>, Krzysztof Kozlowski <krzk@kernel.org>, Kyungmin Park <kyungmin.park@samsung.com>, Kukjin Kim <kgene@kernel.org>
List-Id: linux-samsung-soc@vger.kernel.org

RnVuY3Rpb24gaGRtaV9tb2RlX2ZpeHVwKCkgdXNlZCBiYXJlIGxpc3RfZm9yX2VhY2ggZW50cnks
IHdoaWNoIHdhcwp1bnNhZmUgYW5kIGNhdXNlZCBtZW1vcnkgY29ycnVwdGlvbiBkZXRlY3RlZCBi
eSBrYXNhbi4KSXQgbm93IHVzZXMgZHJtX2Zvcl9lYWNoX2Nvbm5lY3Rvcl9pdGVyIG1hY3JvLCB3
aGljaCBpcyBub3cgcmVjb21tZW5kZWQKYnkgdGhlIGRvY3VtZW50YXRpb24gYW5kIHNhZmUuCgpT
aWduZWQtb2ZmLWJ5OiBNYWNpZWogUHVyc2tpIDxtLnB1cnNraUBzYW1zdW5nLmNvbT4KLS0tCiBk
cml2ZXJzL2dwdS9kcm0vZXh5bm9zL2V4eW5vc19oZG1pLmMgfCAxNCArKysrKysrKysrKy0tLQog
MSBmaWxlIGNoYW5nZWQsIDExIGluc2VydGlvbnMoKyksIDMgZGVsZXRpb25zKC0pCgpkaWZmIC0t
Z2l0IGEvZHJpdmVycy9ncHUvZHJtL2V4eW5vcy9leHlub3NfaGRtaS5jIGIvZHJpdmVycy9ncHUv
ZHJtL2V4eW5vcy9leHlub3NfaGRtaS5jCmluZGV4IDIxNGZhNWUuLjAxMDlmZjQgMTAwNjQ0Ci0t
LSBhL2RyaXZlcnMvZ3B1L2RybS9leHlub3MvZXh5bm9zX2hkbWkuYworKysgYi9kcml2ZXJzL2dw
dS9kcm0vZXh5bm9zL2V4eW5vc19oZG1pLmMKQEAgLTk0NCwyMiArOTQ0LDI3IEBAIHN0YXRpYyBi
b29sIGhkbWlfbW9kZV9maXh1cChzdHJ1Y3QgZHJtX2VuY29kZXIgKmVuY29kZXIsCiAJc3RydWN0
IGRybV9kZXZpY2UgKmRldiA9IGVuY29kZXItPmRldjsKIAlzdHJ1Y3QgZHJtX2Nvbm5lY3RvciAq
Y29ubmVjdG9yOwogCXN0cnVjdCBkcm1fZGlzcGxheV9tb2RlICptOworCXN0cnVjdCBkcm1fY29u
bmVjdG9yX2xpc3RfaXRlciBjb25uX2l0ZXI7CiAJaW50IG1vZGVfb2s7CiAKIAlkcm1fbW9kZV9z
ZXRfY3J0Y2luZm8oYWRqdXN0ZWRfbW9kZSwgMCk7CiAKLQlsaXN0X2Zvcl9lYWNoX2VudHJ5KGNv
bm5lY3RvciwgJmRldi0+bW9kZV9jb25maWcuY29ubmVjdG9yX2xpc3QsIGhlYWQpIHsKKwlkcm1f
Y29ubmVjdG9yX2xpc3RfaXRlcl9iZWdpbihkZXYsICZjb25uX2l0ZXIpOworCWRybV9mb3JfZWFj
aF9jb25uZWN0b3JfaXRlcihjb25uZWN0b3IsICZjb25uX2l0ZXIpIHsKIAkJaWYgKGNvbm5lY3Rv
ci0+ZW5jb2RlciA9PSBlbmNvZGVyKQogCQkJYnJlYWs7CiAJfQorCWlmIChjb25uZWN0b3IpCisJ
CWRybV9jb25uZWN0b3JfZ2V0KGNvbm5lY3Rvcik7CisJZHJtX2Nvbm5lY3Rvcl9saXN0X2l0ZXJf
ZW5kKCZjb25uX2l0ZXIpOwogCi0JaWYgKGNvbm5lY3Rvci0+ZW5jb2RlciAhPSBlbmNvZGVyKQor
CWlmICghY29ubmVjdG9yKQogCQlyZXR1cm4gdHJ1ZTsKIAogCW1vZGVfb2sgPSBoZG1pX21vZGVf
dmFsaWQoY29ubmVjdG9yLCBhZGp1c3RlZF9tb2RlKTsKIAogCWlmIChtb2RlX29rID09IE1PREVf
T0spCi0JCXJldHVybiB0cnVlOworCQlnb3RvIGNsZWFudXA7CiAKIAkvKgogCSAqIEZpbmQgdGhl
IG1vc3Qgc3VpdGFibGUgbW9kZSBhbmQgY29weSBpdCB0byBhZGp1c3RlZF9tb2RlLgpAQCAtOTc5
LDYgKzk4NCw5IEBAIHN0YXRpYyBib29sIGhkbWlfbW9kZV9maXh1cChzdHJ1Y3QgZHJtX2VuY29k
ZXIgKmVuY29kZXIsCiAJCX0KIAl9CiAKK2NsZWFudXA6CisJZHJtX2Nvbm5lY3Rvcl9wdXQoY29u
bmVjdG9yKTsKKwogCXJldHVybiB0cnVlOwogfQogCi0tIAoyLjcuNAoKX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KZHJpLWRldmVsIG1haWxpbmcgbGlzdApk
cmktZGV2ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHBzOi8vbGlzdHMuZnJlZWRlc2t0b3Au
b3JnL21haWxtYW4vbGlzdGluZm8vZHJpLWRldmVsCg==

From mboxrd@z Thu Jan  1 00:00:00 1970
From: m.purski@samsung.com (Maciej Purski)
Date: Tue, 05 Sep 2017 14:23:02 +0200
Subject: [PATCH] drm/exynos/hdmi: Fix unsafe list iteration
References: <CGME20170905122309eucas1p15739d5191e6471e9bfc05aa32b334f2e@eucas1p1.samsung.com>
Message-ID: <1504614182-1509-1-git-send-email-m.purski@samsung.com>
To: linux-arm-kernel@lists.infradead.org
List-Id: linux-arm-kernel.lists.infradead.org

Function hdmi_mode_fixup() used bare list_for_each entry, which was
unsafe and caused memory corruption detected by kasan.
It now uses drm_for_each_connector_iter macro, which is now recommended
by the documentation and safe.

Signed-off-by: Maciej Purski <m.purski@samsung.com>
---
 drivers/gpu/drm/exynos/exynos_hdmi.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/exynos/exynos_hdmi.c b/drivers/gpu/drm/exynos/exynos_hdmi.c
index 214fa5e..0109ff4 100644
--- a/drivers/gpu/drm/exynos/exynos_hdmi.c
+++ b/drivers/gpu/drm/exynos/exynos_hdmi.c
@@ -944,22 +944,27 @@ static bool hdmi_mode_fixup(struct drm_encoder *encoder,
 	struct drm_device *dev = encoder->dev;
 	struct drm_connector *connector;
 	struct drm_display_mode *m;
+	struct drm_connector_list_iter conn_iter;
 	int mode_ok;
 
 	drm_mode_set_crtcinfo(adjusted_mode, 0);
 
-	list_for_each_entry(connector, &dev->mode_config.connector_list, head) {
+	drm_connector_list_iter_begin(dev, &conn_iter);
+	drm_for_each_connector_iter(connector, &conn_iter) {
 		if (connector->encoder == encoder)
 			break;
 	}
+	if (connector)
+		drm_connector_get(connector);
+	drm_connector_list_iter_end(&conn_iter);
 
-	if (connector->encoder != encoder)
+	if (!connector)
 		return true;
 
 	mode_ok = hdmi_mode_valid(connector, adjusted_mode);
 
 	if (mode_ok == MODE_OK)
-		return true;
+		goto cleanup;
 
 	/*
 	 * Find the most suitable mode and copy it to adjusted_mode.
@@ -979,6 +984,9 @@ static bool hdmi_mode_fixup(struct drm_encoder *encoder,
 		}
 	}
 
+cleanup:
+	drm_connector_put(connector);
+
 	return true;
 }
 
-- 
2.7.4